Table Variable and Temp Tables in Sql Server 2005

Here I am using Temp Table and Table Variable.
This code is using iteration logic (loop through).

--- tempLocations table which conists Id,LocationId ( 1,30 | 2,31 | 3,32 | 4,33 | 5,34 | 6, 35 )

Table variable:

declare table @TempLocations (Id int identity, LocationId int)

Temp Table :
declare table #TempGrid
(countOfCurrentPostalCode int, LocationId int, PostalCode varchar(20))

declare @loop int
set @loop = (select min(Id) from @TempLocations)
declare @LocationId int
select @LocationId = LocationId from @TempLocations where id = @loop
insert into #TempGrid
select top 200 count(PostalCode) as counter , locationid, postalcode from TempFinal where locationId = @LocationId group by locationid, postalcode order by counter desc
set @loop = (Select min(Id) from @TempLocations where Id > @loop )

select * from #TempGrid
select * from #tempLocations

How to write Transactional Error Messages into a Error Log Table in Sql Server 2005?

A TRY Block - the TRY block contains the instructions that might cause an exception

A CATCH Block - if an exception occurs from one of the statements in the TRY block, control is branched to the CATCH block, where the exception can be handled, logged, and so on.


INSERT dbo.ErrorLog([ErrorNumber],[ErrorMessage],[ErrorSource],[ErrorLine])

How to Display First 10 Records only from a Result set in Sql Server 2005?

How to display first 10 records from a result set?

Here I used CTE (Common Table Expression), and Row_Number() function in Sql Server 2005.

USE AdventureWorks;
WITH OrderedOrders AS
(SELECT ROW_NUMBER() OVER (order by OrderDate)as RowNumber,*
FROM Sales.SalesOrderHeader )

FROM OrderedOrders
WHERE RowNumber <= 10

How to Embed Audio/Video/PDF files within Sharepoint Application?

I found 2 links for doing this operations.

Here they are

playing audio/video files within Sharepoint

Showing PDF document content in Sharepoint

C# Interview Questions

1. Does C# support multiple-inheritance?

2. Who is a protected class-level variable available to?
It is available to any sub-class (a class inheriting this class).

3. Are private class-level variables inherited?
Yes, but they are not accessible. Although they are not visible or accessible via the class interface, they are inherited.

4. Describe the accessibility modifier “protected internal”.
It is available to classes that are within the same assembly and derived from the specified base class.

5. What’s the top .NET class that everything is derived from?

6. What does the term immutable mean?
The data value may not be changed. Note: The variable value may be changed, but the original immutable data value was discarded and a new data value was created in memory.

7. What’s the difference between System.String and System.Text.StringBuilder classes?
System.String is immutable. System.StringBuilder was designed with the purpose of having a mutable string where a variety of operations can be performed.

8. What’s the advantage of using System.Text.StringBuilder over System.String?
StringBuilder is more efficient in cases where there is a large amount of string manipulation. Strings are immutable, so each time a string is changed, a new instance in memory is created.

9. Can you store multiple data types in System.Array?

10. What’s the difference between the System.Array.CopyTo() and System.Array.Clone() ?
The Clone() method returns a new array (a shallow copy) object containing all the elements in the original array. The CopyTo() method copies the elements into another existing array. Both perform a shallow copy. A shallow copy means the contents (each array element) contains references to the same object as the elements in the original array. A deep copy (which neither of these methods performs) would create a new instance of each element's object, resulting in a different, yet identacle object.

11. How can you sort the elements of the array in descending order?
By calling Sort() and then Reverse() methods.

12. What’s the .NET collection class that allows an element to be accessed using a unique key?

13. What class is underneath the SortedList class?
A sorted HashTable.

14. Will the finally block get executed if an exception has not occurred?

15. What’s the C# syntax to catch any possible exception?
A catch block that catches the exception of type System.Exception. You can also omit the parameter data type in this case and just write catch {}.

16. Can multiple catch blocks be executed for a single try statement?
No. Once the proper catch block processed, control is transferred to the finally block (if there are any).

17. Explain the three services model commonly know as a three-tier application.
Presentation (UI), Business (logic and underlying code) and Data (from storage or other sources).

SQL Interview Questions

Why is a UNION ALL faster than a UNION?

UNION ALL faster than a UNION because for union operation server needs to remove the duplicate values but for union all its not. Thats why the UNOIN ALL is fater than UNION Operation. It is recommended that if you know that the union set operation never returns duplicate values than you must use UNION ALL instead of UNION.

How many types of data models are there?

There are no standards in this area. Authors and theorists make it up as they go. The entity-relationship model (ER) has hundreds of derivitives (bachman, chen, ibm, IDEF1x etc.). the most popular of the OO models is Unified Modeling Language (UML). Actually UML and IDEF1x are closest to becoming a standard that can support software products. Rational already has products and IDEF1x is the language of ERwin.
Don't be fooled by these variations. They all represent the same things, you have to be very careful that you understand all of the non-standard symbols or you will surely make mistakes in interpreting what the pictures mean.

What is denormalization and when would you go for it?

As the name indicates, denormalization is the reverse process of normalization. It's the controlled introduction of redundancy in to the database design. It helps improve the query performance as the number of joins could be reduced.

What's the difference between a primary key and a unique key?

Both primary key and unique enforce uniqueness of the column on which they are defined. But by default primary key creates a clustered index on the column, where are unique creates a nonclustered index by default. Another major difference is that, primary key doesn't allow NULLs, but unique key allows one NULL only.

Define candidate key, alternate key, composite key.

A candidate key is one that can identify each row of a table uniquely. Generally a candidate key becomes the primary key of the table. If the table has more than one candidate key, one of them will become the primary key, and the rest are called alternate keys.

A key formed by combining at least two or more columns is called composite key.

What are defaults? Is there a column to which a default can't be bound?
A default is a value that will be used by a column, if no value is supplied to that column while inserting data. IDENTITY columns and timestamp columns can't have defaults bound to them. See CREATE DEFUALT in books online.

Whar is an index? What are the types of indexes? How many clustered indexes can be created on a table? I create a separate index on each column of a table. what are the advantages and disadvantages of this approach?

Indexes in SQL Server are similar to the indexes in books. They help SQL Server retrieve the data quicker.

Indexes are of two types. Clustered indexes and non-clustered indexes. When you craete a clustered index on a table, all the rows in the table are stored in the order of the clustered index key. So, there can be only one clustered index per table. Non-clustered indexes have their own storage separate from the table data storage. Non-clustered indexes are stored as B-tree structures (so do clustered indexes), with the leaf level nodes having the index key and it's row locater. The row located could be the RID or the Clustered index key, depending up on the absence or presence of clustered index on the table.

If you create an index on each column of a table, it improves the query performance, as the query optimizer can choose from all the existing indexes to come up with an efficient execution plan. At the same t ime, data modification operations (such as INSERT, UPDATE, DELETE) will become slow, as every time data changes in the table, all the indexes need to be updated. Another disadvantage is that, indexes need disk space, the more indexes you have, more disk space is used.

What are cursors? Explain different types of cursors. What are the disadvantages of cursors? How can you avoid cursors?

Cursors allow row-by-row prcessing of the resultsets.

Types of cursors: Static, Dynamic, Forward-only, Keyset-driven. See books online for more information.

Disadvantages of cursors: Each time you fetch a row from the cursor, it results in a network roundtrip, where as a normal SELECT query makes only one rowundtrip, however large the resultset is. Cursors are also costly because they require more resources and temporary storage (results in more IO operations). Furthere, there are restrictions on the SELECT statements that can be used with some types of cursors.

Most of the times, set based operations can be used instead of cursors. Here is an example:

If you have to give a flat hike to your employees using the following criteria:

Salary between 30000 and 40000 -- 5000 hike
Salary between 40000 and 55000 -- 7000 hike
Salary between 55000 and 65000 -- 9000 hike

In this situation many developers tend to use a cursor, determine each employee's salary and update his salary according to the above formula. But the same can be achieved by multiple update statements or can be combined in a single UPDATE statement as shown below:

UPDATE tbl_emp SET salary =
CASE WHEN salary BETWEEN 30000 AND 40000 THEN salary + 5000
WHEN salary BETWEEN 40000 AND 55000 THEN salary + 7000
WHEN salary BETWEEN 55000 AND 65000 THEN salary + 10000

Another situation in which developers tend to use cursors: You need to call a stored procedure when a column in a particular row meets certain condition. You don't have to use cursors for this. This can be achieved using WHILE loop, as long as there is a unique key to identify each row. For examples of using WHILE loop for row by row processing,

What is a join and explain different types of joins?

Joins are used in queries to explain how different tables are related. Joins also let you select data from a table depending upon data from another table.


What is a Stored Procedure?

Its nothing but a set of T-SQL statements combined to perform a single task of several tasks. Its basically like a Macro so when you invoke the Stored procedure, you actually run a set of statements.

What is the basic difference between clustered and a non-clustered index?

The difference is that, Clustered index is unique for any given table and we can have only one clustered index on a table. The leaf level of a clustered index is the actual data and the data is resorted in case of clustered index. Whereas in case of non-clustered index the leaf level is actually a pointer to the data in rows so we can have as many non-clustered indexes as we can on the db.

What are cursors?

Well cursors help us to do an operation on a set of data that we retreive by commands such as Select columns from table. For example : If we have duplicate records in a table we can remove it by declaring a cursor which would check the records during retreival one by one and remove rows which have duplicate values.

Which TCP/IP port does SQL Server run on?

SQL Server runs on port 1433 but we can also change it for better security.

Can we use Truncate command on a table which is referenced by FOREIGN KEY?

No. We cannot use Truncate command on a table with Foreign Key because of referential integrity.

What is the use of DBCC commands?

DBCC stands for database consistency checker. We use these commands to check the consistency of the databases, i.e., maintenance, validation task and status checks.

What is the difference between a HAVING CLAUSE and a WHERE CLAUSE?

Having Clause is basically used only with the GROUP BY function in a query. WHERE Clause is applied to each row before they are part of the GROUP BY function in a query.

What is a Linked Server?

Linked Servers is a concept in SQL Server by which we can add other SQL Server to a Group and query both the SQL Server dbs using T-SQL Statements.

Can you link only other SQL Servers or any database servers such as Oracle?

We can link any server provided we have the OLE-DB provider from Microsoft to allow a link. For Oracle we have a OLE-DB provider for oracle that microsoft provides to add it as a linked server to the sql server group.

How do you troubleshoot SQL Server if its running very slow?

First check the processor and memory usage to see that processor is not above 80% utilization and memory not above 40-45% utilization then check the disk utilization using Performance Monitor, Secondly, use SQL Profiler to check for the users and current SQL activities and jobs running which might be a problem. Third would be to run UPDATE_STATISTICS command to update the indexes.

What is log shipping?

Can we do logshipping with SQL Server 7.0 - Logshipping is a new feature of SQL Server 2000. We should have two SQL Server - Enterprise Editions. From Enterprise Manager we can configure the logshipping. In logshipping the transactional log file from one server is automatically updated into the backup database on the other server. If one server fails, the other server will have the same db and we can use this as the DR (disaster recovery) plan.

Let us say the SQL Server crashed and you are rebuilding the databases including the master database what procedure to you follow?

For restoring the master db we have to stop the SQL Server first and then from command line we can type SQLSERVER .m which will basically bring it into the maintenance mode after which we can restore the master db.

What is BCP? When do we use it?

BulkCopy is a tool used to copy huge amount of data from tables and views. But it won’t copy the structures of the same.

What is the difference between oracle,sql and sql server ?

Oracle is based on RDBMS.
SQL is Structured Query Language.
SQL Server is another tool for RDBMS provided by MicroSoft.
why you need indexing ? where that is stroed and what you mean by schema object? For what purpose we are using view?

We cant create an Index on Index.. Index is stoed in user_index table.Every object that has been created on Schema is Schema Object like Table,View etc.If we want to share the particular data to various users we have to use the virtual table for the Base table...So tht is a view.

indexing is used for faster search or to retrieve data faster from various table. Schema containing set of tables, basically schema means logical separation of the database. View is crated for faster retrieval of data. It's customized virtual table. we can create a single view of multiple tables. Only the drawback is..view needs to be get refreshed for retrieving updated data.

Difference between Store Procedure and Trigger?

we can call stored procedure explicitly.
but trigger is automatically invoked when the action defined in trigger is done.
ex: create trigger after Insert on
this trigger invoked after we insert something on that table.
Stored procedure can't be inactive but trigger can be Inactive.
Triggers are used to initiate a particular activity after fulfilling certain condition.It need to define and can be enable and disable according to need.

What is the advantage to use trigger in your PL?

Triggers are fired implicitly on the tables/views on which they are created. There are various advantages of using a trigger. Some of them are:

Suppose we need to validate a DML statement(insert/Update/Delete) that modifies a table then we can write a trigger on the table that gets fired implicitly whenever DML statement is executed on that table.
Another reason of using triggers can be for automatic updation of one or more tables whenever a DML/DDL statement is executed for the table on which the trigger is created.
Triggers can be used to enforce constraints. For eg : Any insert/update/ Delete statements should not be allowed on a particular table after office hours. For enforcing this constraint Triggers should be used.
Triggers can be used to publish information about database events to subscribers. Database event can be a system event like Database startup or shutdown or it can be a user even like User loggin in or user logoff.
What the difference between UNION and UNIONALL?

Union will remove the duplicate rows from the result set while Union all does'nt.

What is the difference between TRUNCATE and DELETE commands?

Both will result in deleting all the rows in the table .TRUNCATE call cannot be rolled back as it is a DDL command and all memory space for that table is released back to the server. TRUNCATE is much faster.Whereas DELETE call is an DML command and can be rolled back.

Which system table contains information on constraints on all the tables created ?
system table contains information on constraints on all the tables created

Explain normalization ?
Normalisation means refining the redundancy and maintain stablisation. there are four types of normalisation :
first normal forms, second normal forms, third normal forms and fourth Normal forms.

How to find out the database name from SQL*PLUS command prompt?
Select * from global_name;
This will give the datbase name which u r currently connected to.....

What is the difference between SQL and SQL Server ?

SQLServer is an RDBMS just like oracle,DB2 from Microsoft
Structured Query Language (SQL), pronounced "sequel", is a language that provides an interface to relational database systems. It was developed by IBM in the 1970s for use in System R. SQL is a de facto standard, as well as an ISO and ANSI standard. SQL is used to perform various operations on RDBMS.

What is diffrence between Co-related sub query and nested sub query?

Correlated subquery runs once for each row selected by the outer query. It contains a reference to a value from the row selected by the outer query.

Nested subquery runs only once for the entire nesting (outer) query. It does not contain any reference to the outer query row.

For example,

Correlated Subquery:

select e1.empname, e1.basicsal, e1.deptno from emp e1 where e1.basicsal = (select max(basicsal) from emp e2 where e2.deptno = e1.deptno)

Nested Subquery:

select empname, basicsal, deptno from emp where (deptno, basicsal) in (select deptno, max(basicsal) from emp group by deptno)

Pattern matching operator is LIKE and it has to used with two attributes

1. % and

2. _ ( underscore )

% means matches zero or more characters and under score means mathing exactly one character

1)What is difference between Oracle and MS Access?
2) What are disadvantages in Oracle and MS Access?
3) What are feratures&advantages in Oracle and MS Access?

Oracle's features for distributed transactions, materialized views and replication are not available with MS Access. These features enable Oracle to efficiently store data for multinational companies across the globe. Also these features increase scalability of applications based on Oracle.

What is database?
A database is a collection of data that is organized so that itscontents can easily be accessed, managed and updated. open this url :

What is cluster.cluster index and non cluster index ?
Clustered Index:- A Clustered index is a special type of index that reorders the way records in the table are physically stored. Therefore table may have only one clustered index.Non-Clustered Index:- A Non-Clustered index is a special type of index in which the logical order of the index does not match the physical stored order of the rows in the disk. The leaf nodes of a non-clustered index does not consists of the data pages. instead the leaf node contains index rows.

How can i hide a particular table name of our schema?
you can hide the table name by creating synonyms.

e.g) you can create a synonym y for table x

create synonym y for x;

What is difference between DBMS and RDBMS?
The main difference of DBMS & RDBMS is

RDBMS have Normalization. Normalization means to refining the redundant and maintain the stablization.
the DBMS hasn't normalization concept.

What are the advantages and disadvantages of primary key and foreign key in SQL?

Primary key


1) It is a unique key on which all the other candidate keys are functionally dependent


1) There can be more than one keys on which all the other attributes are dependent on.

Foreign Key


1)It allows refrencing another table using the primary key for the other table

Which date function is used to find the difference between two dates?

for Eg: select datediff (dd,'2-06-2007','7-06-2007')

output is 5

How to clear all the selected Items from a Check Box List in 2.0?

How to clear all the selected Items from a Check Box List in 2.0?

Here is the sample code for doing this operation

for (int i = 0; i < chkSubCategories.Items.Count; i++)
chkSubCategories.Items[i].Selected = false;

How to pass XML content as Parameter to back end in

How to pass XML content as Parameter to back end in

here strXML is input parameter. here we are going to write XML content into Sql server 2005.

protected void XMLWRITER(string strXML)
string strCon = "server=myServer;database=myDB;User ID=vbtc;Password=vbtc";
string strSql = "UPDATE Sites SET Categories = @Categories where SNo = @SNo";
SqlConnection objCon = new SqlConnection(strCon);
SqlCommand objCmd = new SqlCommand();
objCmd.Connection = objCon;
objCmd.CommandType = CommandType.Text;
objCmd.CommandText = strSql;
SqlParameter objParaSNo = new SqlParameter("@SNo", System.Type.GetType("System.Int32"));
SqlParameter objParaCategory = new SqlParameter("@Categories", System.Type.GetType("System.Xml"));

objParaSNo .Value = int.Parse(txtSNo.Text);
objParaCategory.Value = strXML;

catch (Exception ee)
Response.Write(ee.Message + " " + ee.StackTrace);

How to iterate SortedList values one by one?

How to iterate SortedList values one by one in

using System.Collections; ---> Namespace must be added;
objL ---> a SortedList with values.

IDictionaryEnumerator ide = objL.GetEnumerator();
while (ide.MoveNext())
string strVal = ide.Value.ToString();

Adding all selected Items from CheckBox List to SortedList

Adding all selected Items from CheckBox List to SortedList in 2.0

chkSubCategories --> A CheckBoxList Control which is already populated with some values.

using System.Collections;

SortedList objL = new SortedList();
for (int i = 0; i < chkSubCategories.Items.Count; i++)
if (chkSubCategories.Items[i].Selected == true)
objL.Add(chkSubCategories.Items[i].Value, chkSubCategories.Items[i].Text);

How to display a confirm box while deleting an item in Gridview?

Confirm delete for GridView's Link Button using JavaScript

Here is the code using 2.0

<script type="text/javascript">

function confirm_delete()


if (confirm("Are you sure you want to delete the contact?")==true)

return true;


return false;



<asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False"


<asp:BoundField DataField="ID" SortExpression="ID" HeaderText="ID" />

<asp:BoundField DataField="Name" SortExpression="Name" HeaderText="Name" />

<asp:BoundField DataField="City" SortExpression="City" HeaderText="City" />

<asp:TemplateField HeaderText="Delete">


<asp:LinkButton ID="lnkDelete" runat="server" CommandName="Delete" Text="Delete"
OnClientClick="javascript : return confirm('Do you really want to \ndelete the





How to Display Date in mm/dd/yyyy format in sql server?

Displaying Date in yyyy/mm/dd format in Sql Server 2005

SELECT CONVERT(VARCHAR(19),CreatedDate,111)AS [Created Date] FROM tblSample

select convert(varchar(19),getdate(),111)

Displaying Date in mm/dd/yyyy format in Sql Server 2005

select CONVERT (CHAR(19),CreatedDate,101) AS [Created Date] FROM tblSample

select convert(varchar(19),getdate(),101)

Enjoy SQL Coding..

How to display Top 10 commentators in your blog?


How to display Top 10 commentators in your blog?

Here is the javascript code for displaying top 10 commentators with number of comments.

<script type="text/javascript">

function pipeCallback(obj)



for (var i = 0; i < parseInt(obj.count) ; i++)


var href = "'" + obj.value.items[i].link + "'";

var item = "<li>" + "<a href=" + href + ">" + obj.value.items[i].title + "</a>

if ("TamilNenjam") < 0 )








<script src="




If you do not want to display your name in the list, please attach this code.
if ("YOUR NAME") < 0 )




Make some appropriate changes for your convenience.

Please Click Here to get the Source code

Converting VARCHAR to FLOAT in SQL Server 2005

How to Convert from VARCHAR into FLOAT in Sql Server 2005?

In many places we are converting one dataype into different data type.
Here is the example code for converting VARCHAR into FLOAT datatype.


SELECT @Y = convert(decimal(17,11),Code) FROM TestTable
PRINT @Y --I want Y to be 521698.98999999999

Enjoy SQL Coding...

How to Display a Random Post in your Blog?

When a User Clicks on an Image, It will load a Random Post.
Just add the following Script in your Blog.

<div id="myLuckyPost"></div> <script type="text/javascript"> function
showLucky(root){ var feed = root.feed; var entries = feed.entry || []; var entry
= feed.entry[0]; window.location =[0].href;} function fetchLuck(luck){
script = document.createElement('script'); script.src = '/feeds/posts/summary?start-index='+luck+'&max-results=1&alt=json-in-script&callback=showLucky';
script.type = 'text/javascript'; document.getElementsByTagName('head')[0].appendChild(script);
} function feelingLucky(root){ var feed = root.feed; var total = parseInt(feed.openSearch$totalResults.$t,10);
var luckyNumber = Math.floor(Math.random()*total);luckyNumber++; a =
document.createElement('a'); a.href = '#random'; a.rel = luckyNumber; a.onclick
= function(){fetchLuck(this.rel);}; a.innerHTML = '<img src="">';
document.getElementById('myLuckyPost').appendChild(a); } </script> <script src="/feeds/posts/summary?max-results=0&amp;alt=json-in-script&amp;callback=feelingLucky"></script>

Just change the Image URL for different Image other than Dice.

Comma Separated Values using COALESCE function in Sql Server 2005

Comma Separated Values using COALESCE function in Sql Server 2005

SELECT @ItemList = COALESCE(cast(@ItemList as varchar(max)) + ', ', '') + cast(Ratings.RatingType as VARCHAR(100)) + ':' + cast(SiteRating.Count as VARCHAR(100) )
SiteRating ON Ratings.RatingID = SiteRating.RatingID INNER JOIN
Sites ON SiteRating.SiteID = Sites.SiteID
where Sites.SiteID = 4

PRINT @ItemList

Result : Upper:2.75, Middle:3, Lower:2.75

Step By Step Procedure for Full Text Search in Sql Server 2005

Step By Step Procedure for Full Text Search in Sql Server 2005

Step 1: Enable Full Text Search

EXEC sp_fulltext_database 'enable'

Step 2: Create a Catalog


Step 3: Create Full Text Index for columns

KEY INDEX PK_Sites ON mySites

Step 4:

Example for CONTAINS search...

FROM Sites
WHERE CONTAINS(Categories, '"LIC India"')

Example for Free Text search...

DECLARE @SearchWord varchar(30);
SET @SearchWord ='LIC India';
SELECT SiteName FROM Sites
WHERE FREETEXT(Categories, @SearchWord)

Step By Step Procedure for Full Text Search in Sql Server 2005

Paging in SQL Server 2005 using Common Table Expression

Here is the Code for Paging Operation in SQL Server 2005 using CTE.

declare @start int,@end int

select @start = 1, @end = 20;

WITH SiteInfo AS
SELECT SiteName, Latitude,Longitude,
FROM Sites
SELECT SNo,SiteName, Latitude,Longitude
FROM SiteInfo

SQL Interview Questions EBook For U

A PDF EBook for SQL Questions and Answers is here

Enjoy SQL Programming..

How to Perform Paging Operation in SQL Server 2005?

Paging Operation in SQL Server 2005

Here I have 2 parameters @start, @end

declare @start int

declare @end int

set @start = 10

set @end = 20



SiteName, Latitude,Longitude FROM Sites) as Result

WHERE SNo >= @start AND SNo <= @end

How to get An Application's Previous Versions?

Upgrading to a new version is best thing.

But, If your machine is not compatible with new version of the same application, what will happen?

You will become confusion.

If you want to get previous versions of a Application you can consider the following sites.

Visit here to get Previous versions of an application.

Here you can get Previous versions of Fire Fox.

How to add a serial number with a Query's Result Set?

In SQL Server 2005, We have ROW_NUMBER() function.

Here is the sample code:
It will display a serial number with a result set of a SQL's Select Query.

OVER (ORDER BY SiteName) as ID,
SiteName,Latitude,Logitude, CityID

SQL Injection

What is SQL Injection ?

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.

“SQL Injection” is subset of the an unverified/unsanitized user input vulnerability (“buffer overflows” are a different subset), and the idea is to convince the application to run SQL code that was not intended.

Why SQL injection works ?
The reason SQL injection works is that whereas most systems separate code and data, SQL combines them together. All a hacker needs to do is include some of his own code with the data he sends to a website, then he can gain control of the website.

Watch this Video

Exchange Server 2003 based Interview Questions

1. Tell me a bit about the capabilities of Exchange Server.
2. What are the different Exchange 2003 versions?
3. What's the main differences between Exchange 5.5 and Exchange 2000/2003?
4. What are the major network infrastructure for installing Exchange 2003?
5. What is the latest Exchange 2003 Service Pack? Name a few changes in functionality in that SP.
6. What are the disk considerations when installing Exchange (RAID types, locations and so on).
7. You got a new HP DL380 (2U) server, dual Xeon, 4GB of RAM, 7 SAS disks, 64-bit. What do you do next to install Exchange 2003? (you have AD in place)
8. Why not install Exchange on the same machine as a DC?
9. Are there any other installation considerations?
10. How would you prepare the AD Schema in advance before installing Exchange?
11. What type or permissions do you need in order to install the first Exchange server in a forest? In a domain?
12. How would you verify that the schema was in fact updated?
13. What type of memory optimization changes could you do for Exchange 2003?
14. How would you check your Exchange configuration settings to see if they're right?
15. What are the Exchange management tools? How and where can you install them?
16. What types of permissions are configurable for Exchange?
17. How can you grant access for an administrator to access all mailboxes on a specific server
18. What is the Send As permission?
19. What other management tools are used to manage and control Exchange 2003? Name the tools you'd use.
20. What are Exchange Recipient types? Name 5.
21. You created a mailbox for a user, yet the mailbox does not appear in ESM. Why?
22. You wanted to change mailbox access permissions for a mailbox, yet you see the SELF permission alone on the permissions list. Why?
23. What are Query Based Distribution groups?
24. What type of groups would you use when configuring distribution groups in a multiple domain forest?
25. Name a few configuration options for Exchange recipients.
26. What's the difference between Exchange 2003 Std. and Ent. editions when related to storage options and size?
27. Name a few configuration options related to mailbox stores.
28. What are System Public Folders? Where would you find them?
29. How would you plan and configure Public Folder redundancy?
30. How can you immediately stop PF replication?
31. How can you prevent PF referral across slow WAN links?
32. What types of PF management tools might you use?
33. What are the differences between administrative permissions and client permissions in PF?
34. How can you configure PF replication from the command prompt in Exchange 2003?
35. What are the message hygiene options you can use natively in Exchange 2003?
36. What are the configuration options in IMF?
37. What are virtual servers? When would you use more than one?
38. Name some of the SMTP Virtual Server configuration options.
39. What is a Mail Relay? Name a few known mail relay software or hardware options.
40. What is a Smart Host? Where would you configure it?
41. What are Routing Groups? When would you use them?
42. What are the types of Connectors you can use in Exchange?
43. What is the cost option in Exchange connectors?
44. What is the Link State Table? How would you view it?
45. How would you configure mail transfer security between 2 routing groups?
46. What is the Routing Group Master? Who holds that role?
47. Explain the configuration steps required to allow Exchange 2003 to send and receive email from the Internet (consider a one-site multiple server scenario).
48. What is DS2MB?
49. What is Forms Based Authentication?
50. How would you configure OWA's settings on an Exchange server?
51. What is DSACCESS?
52. What are Recipient Policies?
53. How would you work with multiple recipient policies?
54. What is the "issue" with trying to remove email addresses added by recipient policies? How would you fix that?
55. What is the RUS?
56. When would you need to manually create additional RUS?
57. What are Address Lists?
58. How would you modify the filter properties of one of the default address lists?
59. How can you create multiple GALs and allow the users to only see the one related to them
60. What is a Front End server? In what scenarios would you use one?
61. What type of authentication is used on the front end servers?
62. When would you use NLB?
63. How would you achieve incoming mail redundancy?
64. What are the 4 types of Exchange backups?
65. What is the Dial-Tone server scenario?
66. When would you use offline backup?
67. How do you re-install Exchange on a server that has crashed but with AD intact?
68. What is the dumpster?
69. What are the e00xxxxx.log files?
70. What is the e00.chk file?
71. What is circular logging? When would you use it?
72. What's the difference between online and offline defrag?
73. How would you know if it is time to perform an offline defrag of your Exchange stores?
74. How would you plan for, and perform the offline defrag?
75. What is the eseutil command?
76. What is the isinteg command?
77. How would you monitor Exchange's services and performance? Name 2 or 3 options.
78. Name all the client connection options in Exchange 2003.
79. What is Direct Push? What are the requirements to run it?
80. How would you remote wipe a PPC?
81. What are the issues with connecting Outlook from a remote computer to your mailbox?
82. How would you solve those issues? Name 2 or 3 methods
83. What is RPC over HTTP? What are the requirements to run it?
84. What is Cached Mode in OL2003/2007?
85. What are the benefits and "issues" when using cached mode? How would you tackle those issues?
86. What is S/MIME? What are the usage scenarios for S/MIME?
87. What are the IPSec usage scenarios for Exchange 2003?
88. How do you enable SSL on OWA?
89. What are the considerations for obtaining a digital certificate for SSL on Exchange?
90. Name a few 3rd-party CAs.
91. What do you need to consider when using a client-type AV software on an Exchange server?
92. What are the different clustering options in Exchange 2003? Which one would you choose and why.